One in all Solana’s flagship decentralized exchanges turned the most recent sufferer of a crypto exploit on Wednesday, when an attacker drained greater than $1.34 million from 5 dormant liquidity swimming pools on Raydium, including recent urgency to an already bruising 12 months for decentralized finance safety.
The exploit focused Raydium’s legacy AMM V3 program and drained roughly $1.34 million from 5 inactive liquidity swimming pools. The affected swimming pools — Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL — had been phased out following the deprecation of the Serum protocol in 2021.
The attacker bypassed validation checks within the outdated AMM V3 program, minted new liquidity supplier tokens with out depositing corresponding property, then withdrew and transformed the positions. The exploiter’s Solana handle ends in “Bq33QVk.” In greenback phrases, the attacker made off with practically $900,000 in USDC, roughly $357,000 in SOL, and $86,000 price of RAY.
The vulnerability originated from inadequate validation of the LP mint handle throughout the Legacy AMM V3 program. As a result of this system did not correctly confirm the LP mint, the attacker created a brand new mint and used it because the LP token, successfully bypassing the proportion checks that have been meant to control liquidity elimination.
Raydium moved shortly to include the fallout. Pseudonymous Raydium contributor 0xInfra confirmed the incident through X, stating that no present customers have been affected and couldn’t have interacted with the deprecated swimming pools by way of the platform’s UI since their phase-out. The venture confirmed full compensation for all affected customers can be dealt with straight by way of its treasury, masking your entire $1.34 million throughout all 5 impacted swimming pools. Raydium’s core contributors additionally introduced a complete safety overview of all mainnet packages to confirm that no comparable logic flaws exist throughout any lively code.
Solana Change Raydium Hit With $1.34 Million Exploit as DeFi Assaults Develop
A Ghost within the Machine
The incident raises a query that has turn out to be more and more uncomfortable throughout DeFi: what occurs to code that’s formally retired however by no means totally faraway from the blockchain?
The loss exhibits how outdated liquidity swimming pools can stay financially harmful lengthy after a protocol’s consumer interface, SDKs, and foremost product routes transfer elsewhere. The affected contracts nonetheless held stay property on-chain regardless of being phased out of Raydium’s present utility interface and lively liquidity stack.
As a result of sensible contracts are immutable, totally eradicating outdated code that also holds funds isn’t simple. This incident exhibits an actual weak spot in DeFi: outdated contracts can nonetheless turn out to be targets for attackers in search of edge circumstances. Raydium had transitioned to newer AMM variations, together with V4 and V5, which make the most of digital provide mechanisms alongside stricter account verification protocols — however the deprecation of the legacy program didn’t wipe its on-chain footprint.
After stealing the property on Solana, the funds have been bridged to Ethereum and at the moment are being laundered through Twister Money, based on blockchain investigator Specter. That exit path — bridge to Ethereum, deposit into the sanctioned mixer — has turn out to be a well-recognized playbook for DeFi exploiters in search of to complicate restoration efforts. US authorities sanctioned Twister Money in 2022, and its continued use in exploit laundering offers regulators ammunition to argue for stricter oversight of DeFi protocols.
Raydium (RAY) Value Chart
A Deteriorating Safety Panorama
The Raydium hack arrives at a second when DeFi’s safety monitor file is underneath acute scrutiny. The sector has already misplaced over $750 million to hacks and exploits in 2026, pushed largely by the roughly $292 million KelpDAO exploit and the $285 million Drift Protocol breach.
Drift Protocol misplaced $285 million on April 1 after a North Korean hacking group spent six months socially engineering its method into the Solana-based DEX, whereas KelpDAO’s LayerZero bridge was drained of $292 million in rsETH on April 19. These two incidents alone brought on 95% of April’s complete DeFi injury, triggering a mass exit from DeFi and rating among the many high ten hacks since 2021.
What makes the present atmosphere notably alarming is the widening assault floor. Neither of the 2 largest exploits of 2026 concerned a sensible contract vulnerability — code audits, formal verification, and bug bounty packages wouldn’t have prevented Drift or KelpDAO. As a substitute, social engineering, compromised infrastructure, and governance weaknesses have emerged because the dominant vectors.
Including a brand new dimension to the risk panorama, AI is now enjoying a documented function in vulnerability discovery. Safety researcher Taylor Hornby recognized a important four-year-old vulnerability in Zcash’s Orchard shielded pool on Could 29 by working a customized auditing agent framework paired with Anthropic’s Claude Opus 4.8 mannequin, then wrote a whole working exploit in an area check atmosphere. The bug would have allowed an attacker to mint limitless ZEC tokens contained in the Orchard pool with out detection, and its disclosure despatched ZEC crashing greater than 38% in a single day. Whereas the Zcash disclosure was a white-hat discover — and there’s no proof AI instruments have been used within the Raydium assault — it underscores the accelerating functionality of AI-assisted auditing on either side of the safety equation.
Market Response and Outlook
Market response to the Raydium exploit was restricted. RAY fell about 2% within the 24 hours after the disclosure and roughly 13% over the prior week, with the token remaining far under its all-time excessive.
For the broader DeFi ecosystem, the incident carries implications past the greenback determine. Legacy contracts, deserted swimming pools, and residual permission settings symbolize a category of danger that conventional code audits don’t systematically handle. As protocols evolve and migrate to newer architectures, the operational burden of cleanly decommissioning outdated infrastructure — not simply eradicating UI entry, however auditing and safely winding down on-chain contracts that also maintain worth — has turn out to be a urgent safety obligation.
The Raydium incident is a transparent reminder that “deprecated” doesn’t all the time imply protected within the blockchain world.
